Even though closed formulations (e.g. must, shall, is, etc) may be used in the following disclosure, this is not to be interpreted as essential features or facts without alternatives. Contrarily, the disclosure is to be interpreted as a number of examples and embodiments provided for illustrative and non-limiting purposes.
Mesh Network Concept
In a mesh network packets are typically relayed from a source node to a receiving node via “middle hands” such as one or more intermediate or relay node. The mesh network is typically distributed and messages may be passed in any direction. In mesh network there is typically no central base station to direct network traffic.
Relaying
A relay node may forward packets from a remote source node to a destination node through relays. A relaying event is sometimes referred to as a “hop” as the packet “hops” from one node to another until it reaches its destination. A relay node typically forwards a data packet using either routing, flooding or a hybrid manner                A flooding relay forwards all packets it receives to all nodes it can reach.        A routing relay forwards a packet only to other nodes close to the destination based on a routing table.        A hybrid relay uses both flooding and routing to forward a packet to a given destination based on the characteristics of the network design.        
Stateful or Stateless
A relay node relaying a message may or may not know whether a packet contains a query or a response. If the relay node does not know if the packet it is relaying is a query or response it is typically considered as a stateless relay node. If the network only consists of stateless relay nodes it is typically considered as a stateless network. If a relay node has the ability to distinguish between query and response, and by that, have the ability to keep track of the session between two nodes, it is considered a state-full relay node. A network consisting of state-full relay nodes may typically be considered a state-full network.
Network Packets
A network packet typically has a section that is considered a header and section that is considered a payload. The header comprises fields describing source, destination, state and consistency checks. The payload section comprises the data being transferred from one application to another. The header information may be used by the network to distinguish the routing path, state and/or consistency of a packet in a network. The packet header fields typically have a pre-defined size. Changing the size of a field typically breaks the protocol, which may result in the packet not being understood.
To prevent malicious attacks on the network and also to prevent flooding of the network some techniques have been developed.
Sequencing
In order to provide a network where an existing packet will not be captured by an attacker and sent again to the network to emulate an historical event, many network architects typically design the packet header to include a sequence number.
The sequence number typically comes in three forms.
1. A global network sequence counter. This counter method is based on the idea that all nodes can keep track of the most recent packet in the network and by investigating the header of this network discovering the sequence number. When the node is about to transmit its own new packet in to the network, it increments the previous network sequence counter by one to establish a new sequence.
2. Relational node sequence. The relational node sequence is initiated uniquely and maintained for each relationship a node has with another. The relational node sequence typically increments by one for each packet being transmitted between any two given nodes. The sequence is typically different depending on which nodes are communicating.
3. Network time counter. This is a global sequences counter that may increase once for every second in the entire network. A destination typically only accepts incoming packets that are addressed with a reasonable time. The range of time has to depend on the accuracy of the clocks in the network and the time of delivery of the packet.
Typically, sequence number model 1 and 2 require all sequence numbers to be unique while model 3 requires only the time to be accurate. The sequence number aims at protecting the network from having the same packets sent twice.
Time (Hops) to Live
A packet header may also contain a field describing Time To Live (TTL). TTL may refer to how many hops a packet may live in the network, i.e. how many relays it may be subjected to. For every relay forward of a data packet, the TTL counter is lowered by one. When the TTL reaches zero the packet will no longer be relayed. This typically aims at preventing the packet from entering endless loops in the network which may result in a flooded and/or congested network.
Limitations of Current Existing Sequencing Solutions
The current existing sequence solutions all have one shared major limitation.
The sequence number typically has a limited size in the packet header. This means that once that size has reached its maximum it will wrap back to previously used sequence numbers. Once this occurs an attacker may use previously recorded packets and transmit them back in to the network to cause an intrusion event For example a recorded door unlock command may be transmitted again so that the door unlocks.
The global sequence counter is typically hard to maintain as all nodes may not always receive all packets. It is also likely that existing sequence numbers will collide if two nodes are transmitting at the same time. Resolving such collision typically results in a bad user experience and may take a long time. A global counter may also wrap too fast if there are many nodes in the network.
The relational node sequence counter may also be hard to maintain for the same reason, and it also may require a large amount of memory to maintain tracking of all relationships. The relational counter does typically not work very well with group and multicast messages.
The network time counter may wrap on a pre-defined date making the time of the wrap known to the attacker. This may make the network an easier target to inject packets into. The accepted range of the network time counter is typically defined by the accuracy of the clock-drift of all other nodes. As a clock may slow down or speed up, synchronizing this field is typically difficult. The accepted range would also typically need to be adapted to the physical distance between the nodes and the amount of hops required to deliver the packet.
Time To Live
As the Time To Live (TTL) field typically requires modification from all relay nodes from source node to destination node, it cannot be encrypted or integrity protected. This opens up for an attacker recording a packet and changing the TTL header value to the maximum value and replaying it in to the network. In that event the network will relay the same packet between all relay nodes until the TTL has reached zero. This typically causes increased network traffic and disturbances in the network that might limit a vital security function from operating. For example, an alarm or a window sensor may be hindered from reporting a physical intrusion.
Statelessness
A stateless network cannot carry information where a given query is given a given response in a pre-defined set of time. This limitation disables the possibility to transmit Internet Protocol packets over a stateless carrier.
Therefore, there is a need for methods, arrangements of mesh network nodes and a mesh network for enhancing network security without affecting overall network traffic.